DETAILED ACTION

1. Claims 1-70 are pending for examination.

2. Claims 1-70 are rejected.



Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 



4. Claims 1-9,12,16,19-20,23-31,34,38,41-42,45-55,58,62,65-66,69-70 are rejected under
35 U.S.C. 102(b) as being anticipated by Bots et al, U.S. Patent 6,226,748 B1.



5. As per claim 1; "A method for allowing a server node in a virtual private network
[figure 2, col. 2, lines 44-54, col. 4, lines 67-col. 5, line 3, col. 5, lines 61-col. 6, line 37] to have a
single tunnel definition and a single security policy for a plurality of tunnels associated with a
group name comprising the steps of: configuring [col. 4, lines 3-27, the VPN server functions are
either hardware or hardware/software combinations, such that the configuration of such (i.e., via
the computer operating system utilizing appropriate resident or loadable applications) would be
an inherent computer function associated with the computer part of the VPN server] a group
database in said server node, wherein said group database in said server node comprises said
group name and a list of members associated with said group name [col. 6, lines 34-36, col.
8, lines 15-33]; and configuring a rules database in said server node, wherein said rules database
associates said group name with a particular security policy, wherein said server node has a
single security policy for each of the plurality of tunnels associated with said group name [col. 2,
lines 55-65, col. 7, lines 20-55, col. 8, lines 5-15].";

And further as per claim 25; "A network system [This claim is the apparatus of method 
claim 1, and is rejected for the same reasons provided for the claim 1 rejection above, where the 
Bots et al invention is clearly a network system (i.e., col. 4,lines 15-27)] comprising: a plurality 
of tunnels associated with a group name, wherein each of said plurality of tunnels associated 
with said group name comprises a plurality of nodes, wherein each of said plurality of nodes 
comprises a communication adapter to interconnect with said virtual private network, wherein 
one of said plurality of nodes is a server node, wherein one of said plurality of nodes is a client 
node, wherein said server node comprises: a group database, wherein said group database 
comprises said group name and a list of members associated with said group name; and a rules 
database, wherein said rules database associates said group name with a particular security 
policy, wherein said server node has a single security policy for each of the plurality of tunnels 
associated with said group name."; 

And further as per claim 47; "A computer program product having a computer readable 
medium having computer program logic recorded thereon [This claim is the software embodied 
on computer readable media for the method of claim 1, and is rejected for the same reasons 
provided for the claim 1 rejection above] for allowing a server node in a virtual private network 
to have a single tunnel definition and a single security policy for a plurality of tunnels associated 
with a group name, comprising: programming operable for configuring a group database in said 
server node, wherein said group database in said server node comprises said group name and a
list of members associated with said group name; and programming operable for configuring a 
rules database in said server node, wherein said rules database associates said group name with a 
particular security policy, wherein said server node has a single security policy for each of the 
plurality of tunnels associated with said group name.". 

6. Claim 2 additionally recites the limitations that "The method as recited in claim 1 further 
comprising the step of configuring a tunnel definition database in said server node, wherein a 
remote ID in said tunnel definition is defined as said group name, wherein said server node has a 
single tunnel definition for each of the plurality of tunnels associated with said group name.". 
The teachings of Bots et al (col. 7, lines 4-19, lines 32-39, lines 55-col. 8, line 4) suggest such 
limitations; 

And further as per claim 26; "The network system as recited in claim 25 [This claim is
the apparatus of method claim 2, and is rejected for the same reasons provided for the claim 2 
rejection above], wherein said server node further comprises: a tunnel definition database, 
wherein a remote ID in said tunnel definition is defined as said group name, wherein said server 
node has a single tunnel definition for each of the plurality of tunnels associated with said group 
name."; 

And further as per claim 48; "The computer program product as recited in claim 47 [This 
claim is the software embodied on computer readable media for the method of claim 2, and is 
rejected for the same reasons provided for the claim 2 rejection above] further comprises: 
programming operable for configuring a tunnel definition database in said server node, wherein a 
remote ID in said tunnel definition is defined as said group name, wherein said server node has a
single tunnel definition for each of the plurality of tunnels associated with said group name.". 

7. Claim 3 additionally recites the limitations that "The method as recited in claim 2 further 
comprising the step of activating a particular tunnel of said plurality of tunnels associated with 
said group name, wherein said particular tunnel is associated with a particular member of said 
group name.". The teachings of Bots et al (col. 7, lines 4-19, lines 32-39, lines 55-col. 8, line 4) 
suggest such limitations; 

And further as per claim 27; "The network system [This claim is the apparatus of method 
claim 3, and is rejected for the same reasons provided for the claim 3 rejection above] as recited 
in claim 26, wherein a particular tunnel of said plurality of tunnels associated with said group 
name is activated, wherein said particular tunnel is associated with a particular member of said 
group name."; 

And further as per claim 49; "The computer program product as recited in claim 48 [This 
claim is the software embodied on computer readable media for the method of claim 3, and is 
rejected for the same reasons provided for the claim 3 rejection above] further comprises: 
programming operable for activating a particular tunnel of said plurality of tunnels associated 
with said group name, wherein said particular tunnel is associated with a particular member of 
said group name.". 

8. Claim 4 additionally recites the limitations that "The method as recited in claim 3 further 
comprising the step of transferring data across said particular tunnel.". The teachings of Bots et 
al (col. 7, lines 4-19, lines 32-39, lines 55-col. 8, line 4, col. 6, lines 29-36) suggest such
limitations; 

And further as per claim 50; "The computer program product as recited in claim 49 [This 
claim is the software embodied on computer readable media for the method of claim 4, and is 
rejected for the same reasons provided for the claim 4 rejection above] further comprises: 
programming operable for transferring data across said particular tunnel.". 

9. Claim 5 additionally recites the limitations that "The method as recited in claim 1, 
wherein said list of members associated with said group name comprise an ID type and an ID of 
each member associated with said group name.". The teachings of Bots et al (col. 6,lines 34-36, 
col. 8, lines 15-33,45-63) suggest such limitations. Further, it would be inherent that for any table 
(list) oriented data structure, such as the said group/member database, the database entries would 
be the member elements themselves (i.e.; member ID's) , and would be inherently of the same 
type (i.e., member ID types); 

And further as per claim 28; "The network system [This claim is the apparatus of method 
claim 5, and is rejected for the same reasons provided for the claim 5 rejection above] as recited 
in claim 25, wherein said list of members associated with said group name comprise an ID type 
and an ID of each member associated with said group name."; 

And further as per claim 51; "The computer program product as recited in claim 47 [This
claim is the software embodied on computer readable media for the method of claim 5, and is 
rejected for the same reasons provided for the claim 5 rejection above], wherein said list of 
members associated with said group name comprise an ID type and an ID of each member
associated with said group name.". 

10. Claim 6 additionally recites the limitations that "The method as recited in claim 5, 
wherein said ID type is an Internet Key Exchange (IKE) defined ID type, wherein said list of
members is a non-contiguous list of IKE defined ID types.". The teachings of Bots et al (col. 
6, lines 34-36, col. 8,lines 15-33,45-63) suggest such limitations. Further, it would be inherent 
that for any table (list) oriented data structure, such as the said group/member database, the 
database entries would be the member elements themselves (i.e., member ID's), and would be 
inherently of the same type (i.e., member ID types); 

And further as per claim 29; "The network system [This claim is the apparatus of method 
claim 6, and is rejected for the same reasons provided for the claim 6 rejection above] as recited 
in claim 28, wherein said ID type is an Internet Key Exchange (IKE) defined ID type, wherein 
said list of members is a non-contiguous list of IKE defined ID types."; 

And further as per claim 52; "The computer program product as recited in claim 51 [This 
claim is the software embodied on computer readable media for the method of claim 6, and is 
rejected for the same reasons provided for the claim 6 rejection above], wherein said ID type is 
an Internet Key Exchange (IKE) defined ID type, wherein said list of members is a
non-contiguous list of IKE defined ID types.".

11. Claim 7 additionally recites the limitations that "The method as recited in claim 5, 
wherein said ID is a login ID.". The teachings of Bots et al (col. 6,lines 34-36, col. 8,lines 15- 
33,45-63) suggest such limitations. Further, it would be inherent that for any table (list) oriented
data structure, such as the said group/member database, the database entries would be the 
member elements themselves (i.e., member ID's) , and would be inherently of the same type 
(i.e., member ID types); 

And further as per claim 30; "The network system [This claim is the apparatus of method 
claim 7, and is rejected for the same reasons provided for the claim 7 rejection above] as recited 
in claim 28, wherein said ID is a login ID."; 

And further as per claim 53; "The computer program product as recited in claim 51 [This 
claim is the software embodied on computer readable media for the method of claim 7, and is 
rejected for the same reasons provided for the claim 7 rejection above], wherein said ID is a 
login ID.". 

12. Claim 8 additionally recites the limitations that "The method as recited in claim 5, 
wherein said ID is a specified name.". The teachings of Bots et al (col. 6,lines 34-36, col. 8, lines 
15-33,45-63) suggest such limitations. Further, it would be inherent that for any table (list) 
oriented data structure, such as the said group/member database, the database entries would be 
the member elements themselves (i.e., member ID's) , and would be inherently of the same type 
(i.e., member ID types); 

And further as per claim 31; "The network system [This claim is the apparatus of method
claim 8, and is rejected for the same reasons provided for the claim 8 rejection above] as recited
in claim 28, wherein said ID is a specified name.";

And further as per claim 54; "The computer program product as recited in claim 51 [This
claim is the software embodied on computer readable media for the method of claim 8, and is 
rejected for the same reasons provided for the claim 8 rejection above], wherein said ID is a 
specified name.". 

13. Claim 9 additionally recites the limitations that "The method as recited in claim 2, 
wherein configuring said tunnel definition database in said server node comprises establishing 
said server node and a client node as the two end points of a particular tunnel". The teachings of 
Bots et al (col. 5,lines 20-25, col. 7, lines 4-19, lines 32-39, lines 55-col 8, line 4) suggest such 
limitations; 

And further as per claim 55; "The computer program product as recited in claim 48 [This
claim is the software embodied on computer readable media for the method of claim 9, and is 
rejected for the same reasons provided for the claim 9 rejection above], wherein configuring said 
tunnel definition database in said server node comprises establishing said server node and a 
client node as the two end points of a particular tunnel.". 

14. Claim 12 additionally recites the limitations that "The method as recited in claim 1,
wherein said group database in said server node comprises said group name and an ID type of 
each member of said group name and an ID of each member of said group name.". The teachings 
of Bots et al (col. 6,lines 34-36, col. 8,lines 15-33,45-63) suggest such limitations. Further, it 
would be inherent that for any table (list) oriented data structure, such as the said group/member 
database, the database entries would be the member elements themselves (i.e., member ID's),
and would be inherently of the same type (i.e., member ID types); 

And further as per claim 34; "The network system [This claim is the apparatus of method
claim 12, and is rejected for the same reasons provided for the claim 12 rejection above] as 
recited in claim 25, wherein said group database in said server node comprises said group name 
and an ID type of each member of said group name and an ID of each member of said group 
name."; 

And further as per claim 58; "The computer program product as recited in claim 47 [This 
claim is the software embodied on computer readable media for the method of claim 12, and is 
rejected for the same reasons provided for the claim 12 rejection above], wherein said group 
database in said server node comprises said group name and an ID type of each member of said
group name and an ID of each member of said group name.". 

15. Claim 16 additionally recites the limitations that "The method as recited in claim 1, 
wherein said rules database in said server node comprises said group name, a group name ID 
type and a security policy pointer.". The teachings of Bots et al (col. 2, lines 55-65, col. 7, lines 
20-55, col. 8, lines 5-33,45-63) suggest such limitations. Further, it would be inherent that for any 
table (list) oriented data structure, such as the said group/member database, the database entries 
would be the member elements themselves (i.e., member ID's) , and would be inherently of the 
same type (i.e., member ID types); 

And further as per claim 38; "The network system [This claim is the apparatus of method 
claim 16, and is rejected for the same reasons provided for the claim 16 rejection above] as 
recited in claim 25, wherein said rules database in said server node comprises said group name, a
group name ID type and a security policy pointer."; 

And further as per claim 62; "The computer program product as recited in claim 47 [This 
claim is the software embodied on computer readable media for the method of claim 16, and is 
rejected for the same reasons provided for the claim 16 rejection above], wherein said rules 
database in said server node comprises said group name, a group name ID type and a security 
policy pointer.". 

16. Claim 19 additionally recites the limitations that "The method as recited in claim 3, 
wherein activating said particular tunnel comprises the steps of sending a security policy stored 
in a policy database of a client node by said client node to said server node; sending a security 
policy stored in a policy database of said server node by said server node to said client node if 
said security policy stored in said policy database of said server node matches said security 
policy stored in said policy database of said client node [col. 7, lines 20-30]; sending a first 
nonce by said client node to said server node; sending a second nonce by said server node to said 
client node; sending a first ID by said client node to said server node; and sending a second ID 
by said server node to said client node." The teachings of Bots et al (col. 7,lines 4-19, lines 32- 
39, lines 55-col. 8,line 4, col. 8,lines 45-63, where the SKIP inherently encompasses the 
client/server, nonce, and ID transfers) suggest such limitations; 

And further as per claim 41; "The network system [This claim is the apparatus of method 
claim 19, and is rejected for the same reasons provided for the claim 19 rejection above] as 
recited in claim 27, wherein activating said particular tunnel comprises the steps of: sending a 
security policy stored in a policy database of said client node by said client node to said server
node; sending a security policy stored in a policy database of said server node by said server 
node to said client node if said security policy stored in said policy database of said server node 
matches said security policy stored in said policy database of said client node; sending a first 
nonce by said client node to said server node; sending a second nonce by said server node to said 
client node; sending a first ID by said client node to said server node; and sending a second ID
by said server node to said client node."; 

And further as per claim 65; "The computer program product as recited in claim 49 [This 
claim is the software embodied on computer readable media for the method of claim 19, and is 
rejected for the same reasons provided for the claim 19 rejection above], wherein activating said 
particular tunnel comprises the steps of sending a security policy stored in a policy database of a 
client node by said client node to said server node; sending a security policy stored in a policy 
database of said server node by said server node to said client node if said security policy stored 
in said policy database of said server node matches said security policy stored in said policy 
database of said client node; sending a first nonce by said client node to said server node; 
sending a second nonce by said server node to said client node; sending a first ID by said client 
node to said server node; and sending a second ID by said server node to said client node.". 

17. Claim 20 additionally recites the limitations that "The method as recited in claim 19, 
wherein said first and second nonce are used to generate key material for said server and client 
node, respectively.". The teachings of Bots et al (col. 7,lines 4-19, lines 32-39, lines 55-col. 
8, line 4, col. 8, lines 45-63, where the SKIP inherently encompasses the client/server, nonce, and
ID transfers) suggest such limitations; 

And further as per claim 42; "The network system [This claim is the apparatus of method 
claim 20, and is rejected for the same reasons provided for the claim 20 rejection above] as 
recited in claim 41, wherein said first and second nonce are used to generate key material for said 
server and client node, respectively."; 

And further as per claim 66; "The computer program product as recited in claim 65 [This
claim is the software embodied on computer readable media for the method of claim 20, and is 
rejected for the same reasons provided for the claim 20 rejection above], wherein said first and 
second nonce are used to generate key material for said server and client node, respectively.". 

18. Claim 24 additionally recites the limitations that "The method as recited in claim 3,
wherein activating said particular tunnel comprises the steps of: sending a security policy stored 
in a policy database of a client node by said client node to said server node; sending a security 
policy stored in a policy database of said server node by said server node to said client node if 
said security policy stored in said policy database of said server node agrees on the same set of 
protection suites at any point in time with said security policy stored in said policy database of 
said client node [col. 7, lines 20-30]; sending a first nonce by said client node to said server 
node; sending a second nonce by said server node to said client node; sending a first ID by said 
client node to said server node; and sending a second ID by said server node to said client 
node.". The teachings of Bots et al (col. 7,lines 4-19, lines 32-39, lines 55-col. 8,line 4, col. 
8, lines 45-63, where the SKIP inherently encompasses the client/server, nonce, and ID transfers)
suggest such limitations; 

And further as per claim 46; "The network system [This claim is the apparatus of method 
claim 24, and is rejected for the same reasons provided for the claim 24 rejection above] as 
recited in claim 27, wherein activating said particular tunnel comprises the steps of sending a 
security policy stored in a policy database of said client node by said client node to said server 
node; sending a security policy stored in a policy database of said server node by said server 
node to said client node if said security policy stored in said policy database of said server node 
agrees on the same set of protection suites at any point in time with said security policy stored in 
said policy database of said client node; sending a first nonce by said client node to said server 
node; sending a second nonce by said server node to said client node; sending a first ID by said 
client node to said server node; and sending a second ID by said server node to said client 
node."; 

And further as per claim 70; "The computer program product as recited in claim 49 [This 
claim is the software embodied on computer readable media for the method of claim 24, and is 
rejected for the same reasons provided for the claim 24 rejection above], wherein activating said 
particular tunnel comprises the steps of sending a security policy stored in a policy database of a 
client node by said client node to said server node; sending a security policy stored in a policy 
database of said server node by said server node to said client node if said security policy stored 
in said policy database of said server node agrees on the same set of protection suites at any point 
in time with said security policy stored in said policy database of said client node; sending a first 
nonce by said client node to said server node; sending a second nonce by said server node to said 
client node; sending a first ID by said client node to said server node; and sending a second ID
by said server node to said client node.". 

19. Claim 23 additionally recites the limitations that "The method as recited in claim 19, 
wherein said first ID is an ID of said particular member of said group name.". The teachings of 
Bots et al (col. 6,lines 34-36, col. 8, lines 15-33,45-63) suggest such limitations. Further, it would 
be inherent that for any table (list) oriented data structure, such as the said group/member 
database, the database entries would be the member elements themselves (i.e., member ID's) , 
and would be inherently of the same type (i.e., member ID types); 

And further as per claim 45; "The network system [This claim is the apparatus of method
claim 23, and is rejected for the same reasons provided for the claim 23 rejection above] as 
recited in claim 41, wherein said first ID is an ID of said particular member of said group 
name."; 

And further as per claim 69; "The computer program product as recited in claim 65 [This 
claim is the software embodied on computer readable media for the method of claim 23, and is 
rejected for the same reasons provided for the claim 23 rejection above], wherein said first ID is 
an ID of said particular member of said group name.".

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

20. Claims 10-11,32-33,56-57 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Bots et al, U.S. Patent 6,226,748 B1, as applied to claim 9,26,55, respectively, above, and further
in view of Shrader, U.S. Patent 5,864,666.
As per claims 10-11; 

(claim 10) "The method as recited in claim 9, wherein said tunnel definition database in said 
server node is configured by a user entering a local ID, a local ID type, said remote ID, and a 
remote ID type through a GUI.". Shrader teaches of using a web based GUI, command line (col. 
1, lines 15-34, col. 5,lines 13-col. 6,line 67) software application for IP tunneling (i.e., VPN 
architecture) administration (ABSTRACT, figures 4-7, and accompanying descriptions) 

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to be motivated to combine the Bots et al VPN invention, with the Shrader software 
application for IP tunneling (i.e., VPN architecture) administration, because it would allow a 
qualitative user interface improvement in such a distributed network environment for VPN 
administration (col. 1, lines 5-33); 

(claim 11) "The method as recited in claim 9, wherein said tunnel definition database in said 
server node is configured by a user entering a local ID, a local ID type, said remote ID and a 
remote ID type through a command line interface.". Shrader teaches of using a web based GUI, 
command line (col. 1, lines 15-34, col. 5,lines 13-col. 6,line 67) software application for IP 
tunneling (i.e., VPN architecture) administration (ABSTRACT, figures 4-7, and accompanying
descriptions) 

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to be motivated to combine the Bots et al VPN invention, with the Shrader software 
application for IP tunneling (i.e., VPN architecture) administration, because it would allow a 
qualitative user interface improvement in such a distributed network environment for VPN 
administration (col. 1, lines 5-33); 

As per claims 32-33; 

(claim 32) "The network system [This claim is the apparatus of method claim 10, and is rejected 
for the same reasons provided for the claim 10 rejection above] as recited in claim 26, wherein 
said tunnel definition database in said server node is configured by a user entering a local ID, a 
local ID type, said remote ID and a remote ID type through a GUI"; 

(claim 33) "The network system [This claim is the apparatus of method claim 11, and is rejected 
for the same reasons provided for the claim 11 rejection above] as recited in claim 26, wherein
said tunnel definition database in said server node is configured by a user entering a local ID, a 
local ID type, said remote ID and a remote ID type through a command line interface."; 
As per claims 56-57; 

(claim 56) "The computer program product as recited in claim 55 [This claim is the software 
embodied on computer readable media for the method of claim 10, and is rejected for the same 
reasons provided for the claim 10 rejection above], wherein said tunnel definition database in 
said server node is configured by a user entering a local ID, a local ID type, said remote ID and a
remote ID type through a GUI.".

(claim 57) "The computer program product as recited in claim 55 [This claim is the software
embodied on computer readable media for the method of claim 11, and is rejected for the same
reasons provided for the claim 11 rejection above], wherein said tunnel definition database in
said server node is configured by a user entering a local ID, a local ID type, said remote ID and a
remote ID type through a command line interface.".

21. Claims 13-15,35-37,59-61 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Bots et al, U.S. Patent 6,226,748 B1, as applied to claim 12,34,58, respectively, above, and
further in view of Shrader, U.S. Patent 5,864,666.
As per claims 13-15; 

(claim 13) "The method as recited in claim 12, wherein configuring said group database in said 
server node is accomplished by entering said group name, said ID type of each member of said 
group name and said ID of each member of said group name through a GUI.". Shrader teaches
of using a web based GUI, command line (col. 1, lines 15-34, col. 5, lines 13-col. 6, line 67) 
software application for IP tunneling (i.e., VPN architecture) administration (ABSTRACT, 
figures 4-7, and accompanying descriptions) 

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to be motivated to combine the Bots et al VPN invention, with the Shrader software 
application for IP tunneling (i.e., VPN architecture) administration, because it would allow a 
qualitative user interface improvement in such a distributed network environment for VPN 
administration (col. 1, lines 5-33);

(claim 14) "The method as recited in claim 12, wherein configuring said group database in said
server node is accomplished by entering said group name, said ID type of each member of said 
group name and said ID of each member of said group name through a command line interface.". 
Shrader teaches of using a web based GUI, command line (col. 1, lines 15-34, col. 5, lines 13-col. 
6,line 67) software application for IP tunneling (i.e., VPN architecture) administration 
(ABSTRACT, figures 4-7, and accompanying descriptions) 

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to be motivated to combine the Bots et al VPN invention, with the Shrader software 
application for IP tunneling (i.e., VPN architecture) administration, because it would allow a 
qualitative user interface improvement in such a distributed network environment for VPN 
administration (col. 1, lines 5-33); 

(claim 15) "The method as recited in claim 12, wherein configuring said group database in said
server node is accomplished by entering said group name, said ID type of each member of said 
group name and said ID of each member of said group name through configuration files.". 
Shrader teaches of using a web based GUI, command line (col. l,lines 15-34, col. 5, lines 13-col. 
6,line 67) software application for IP tunneling (i.e., VPN architecture) administration 
(ABSTRACT, figures 4-7, and accompanying descriptions). Further, the inherent use of 
configuration files in GUI (i.e., Windows 3.x " ini", and Windows 9x "registry" files ) is well 
known in the art. 

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to be motivated to combine the Bots et al VPN invention, with the Shrader software 
application for IP tunneling (i.e., VPN architecture) administration, because it would allow a 
qualitative user interface improvement in such a distributed network environment for VPN 
administration (col. 1, lines 5-33); 
As per claims 35-37; 

(claim 35) "The network system [This claim is the apparatus of method claim 13, and is rejected 
for the same reasons provided for the claim 13 rejection above] as recited in claim 34, wherein 
said group database in said server node is configured by a user entering said group name, said ID 
type of each member of said group name and said ID of each member of said group name 
through a GUI."; 

(claim 36) "The network system [This claim is the apparatus of method claim 14, and is rejected 
for the same reasons provided for the claim 14 rejection above] as recited in claim 34, wherein 
said group database in said server node is configured by a user entering said group name, said ID 
type of each member of said group name and said ID of each member of said group name 
through a command line interface."; 

(claim 37) "The network system [This claim is the apparatus of method claim 15, and is rejected 
for the same reasons provided for the claim 15 rejection above] as recited in claim 34, wherein 
said group database in said server node is configured by a user entering said group name, said ID 
type of each member of said group name and said ID of each member of said group name 
through configuration files."; 
As per claims 59-61; 

(claim 59) "The computer program product as recited in claim 58 [This claim is the software 
embodied on computer readable media for the method of claim 13, and is rejected for the same 
reasons provided for the claim 13 rejection above], wherein configuring said group database in 
said server node is accomplished by entering said group name, said ID type of each member of 
said group name and said ID of each member of said group name through a GUI". 
(claim 60) "The computer program product as recited in claim 58 [This claim is the software 
embodied on computer readable media for the method of claim 14, and is rejected for the same 
reasons provided for the claim 14 rejection above], wherein configuring said group database in 
said server node is accomplished by entering said group name, said ID type of each member of 
said group name and said ID of each member of said group name through a command line 
interface.". 

(claim 61) "The computer program product as recited in claim 58 [This claim is the software 
embodied on computer readable media for the method of claim 15, and is rejected for the same 
reasons provided for the claim 15 rejection above], wherein configuring said group database in 
said server node is accomplished by entering said group name, said ID type of each member of 
said group name and said ID of each member of said group name through configuration files.". 

22. Claims 17-18, 39-40, 63-64 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bots et al, U.S. Patent 6,226,748 B1, as applied to claims 16, 38, 62, respectively, above, and 
further in view of Shrader, U.S. Patent 5,864,666. 
As per claims 17-18; 

(claim 17) "The method as recited in claim 16, wherein configuring said rules database in said 
server node is accomplished by entering said group name, said group name ID type and said 
security policy pointer through a GUI.". Shrader teaches of using a web based GUI, command 
line (col. 1, lines 15-34, col. 5, lines 13-col. 6, line 67) software application for IP tunneling (i.e., 
VPN architecture) administration (ABSTRACT, figures 4-7, and accompanying descriptions) 

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to be motivated to combine the Bots et al VPN invention, with the Shrader software 
application for IP tunneling (i.e., VPN architecture) administration, because it would allow a 
qualitative user interface improvement in such a distributed network environment for VPN 
administration (col. 1, lines 5-33); 

(claim 18) "The method as recited in claim 16, wherein configuring said rules database in said 
server node is accomplished by entering said group name, said group name ID type and said 
security policy pointer through a command line interface.". Shrader teaches of using a web based 
GUI, command line (col. 1, lines 15-34, col. 5, lines 13-col. 6, line 67) software application for IP 
tunneling (i.e., VPN architecture) administration (ABSTRACT, figures 4-7, and accompanying 
descriptions) 

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to be motivated to combine the Bots et al VPN invention, with the Shrader software 
application for IP tunneling (i.e., VPN architecture) administration, because it would allow a 
qualitative user interface improvement in such a distributed network environment for VPN 
administration (col. 1, lines 5-33); 

As per claims 39-40; 

(claim 39) "The network system [This claim is the apparatus of method claim 17, and is rejected 
for the same reasons provided for the claim 17 rejection above] as recited in claim 38, wherein 
said rules database is configured by a user entering said group name, said group name ID type 
and said security policy pointer through a GUI."; 

(claim 40) "The network system [This claim is the apparatus of method claim 18, and is rejected 
for the same reasons provided for the claim 18 rejection above] as recited in claim 39, wherein 
said rules database is configured by a user entering said group name, said group name ID type 
and said security policy pointer through a command line interface."; 
As per claims 63-64; 

(claim 63) "The computer program product as recited in claim 62 [This claim is the software 
embodied on computer readable media for the method of claim 17, and is rejected for the same 
reasons provided for the claim 17 rejection above], wherein configuring said rules database in 
said server node is accomplished by entering said group name, said group name ID type and said 
security policy pointer through a GUI". 

(claim 64) "The computer program product as recited in claim 62 [This claim is the software 
embodied on computer readable media for the method of claim 18, and is rejected for the same 
reasons provided for the claim 18 rejection above], wherein configuring said rules database in 
said server node is accomplished by entering said group name, said group name ID type and said 
security policy pointer through a command line interface.". 

23. Claims 21-22, 43-44, 67-68 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bots et al, U.S. Patent 6,226,748 B1, as applied to claims 19, 41, 65, respectively, above, and 
further in view of Shrader, U.S. Patent 5,864,666. 
As per claims 21-22; 

(claim 21) "The method as recited in claim 19, wherein said policy database in said client and 
server node are configured by entering said security policy through a GUI at said client and 
server node.". Shrader teaches of using a web based GUI, command line (col. 1, lines 15-34, col. 
5, lines 13-col. 6, line 67) software application for IP tunneling (i.e., VPN architecture) 
administration (ABSTRACT, figures 4-7, and accompanying descriptions) 

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to be motivated to combine the Bots et al VPN invention, with the Shrader software 
application for IP tunneling (i.e., VPN architecture) administration, because it would allow a 
qualitative user interface improvement in such a distributed network environment for VPN 
administration (col. 1, lines 5-33); 

(claim 22) "The method as recited in claim 19, wherein said policy database in said client and 
server node are configured by entering said security policy through a command line interface at 
said client and server node.". Shrader teaches of using a web based GUI, command line (col. 
1, lines 15-34, col. 5, lines 13-col. 6, line 67) software application for IP tunneling (i.e., VPN 
architecture) administration (ABSTRACT, figures 4-7, and accompanying descriptions) 

It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to be motivated to combine the Bots et al VPN invention, with the Shrader software 
application for IP tunneling (i.e., VPN architecture) administration, because it would allow a 
qualitative user interface improvement in such a distributed network environment for VPN 
administration (col. 1, lines 5-33); 

As per claims 43-44; 

(claim 43) "The network system [This claim is the apparatus of method claim 21, and is rejected 
for the same reasons provided for the claim 21 rejection above] as recited in claim 41, wherein 
said policy database in said client and server node are configured by entering said security policy 
through a GUI at said client and server node."; 

(claim 44) "The network system [This claim is the apparatus of method claim 22, and is rejected 
for the same reasons provided for the claim 22 rejection above] as recited in claim 41, wherein 
said policy database in said client and server node are configured by entering said security policy 
through a command line interface at said client and server node."; 
As per claims 67-68; 

(claim 67) "The computer program product as recited in claim 65 [This claim is the software 
embodied on computer readable media for the method of claim 21, and is rejected for the same 
reasons provided for the claim 21 rejection above], wherein said policy database in said client 
and server node are configured by entering said security policy through a GUI at said client and 
server node.". 

(claim 68) "The computer program product as recited in claim 65 [This claim is the software 
embodied on computer readable media for the method of claim 22, and is rejected for the same 
reasons provided for the claim 22 rejection above], wherein said policy database in said client 
and server node are configured by entering said security policy through a command line interface 
at said client and server node.". 



Conclusion 